The NFC tag I analyzed is a so-called “Mifare Classic 1k” tag. 1k stands for the size of data the tag can store. There are also other types like the “Mifare Classic 4k” and the “Mifare Mini”, each having a different memory size.

A Mifare Classic 1k tag contains 16 sectors. Each of these sectors has 3 blocks of data storage and 1 block for storing the secret access keys and access controls. Before reading a sector, the reader must authenticate to the tag with a secret access key. Each sector has two keys: Key A and Key B. Each of the 16 sectors can define its own access rights and which key is needed for a particular action. As an example, you can define to use Key A for reading the block and Key B for writing to it.

Sector 0 Block 0 also contains a non-changeable UID (the tag's unique ID) and some manufacturer data. This section is only writeable on some special Chinese tags.

Here is a basic memory layout of a Mifare Classic tag:

Important notice: NFC and the attack used depend a lot on timing. Connecting an NFC device to a VM running Linux will not work reliably because the drivers mess with this timing. I spent a lot of time finding this out, so please boot into a Linux live CD for the following example or use a Raspberry Pi.
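The sector layout described above can be walked in code. This is an added example, not code from the original post: it splits a 1k dump into sectors, reads the UID and each sector's keys and access bits, and flags sectors that still use the factory key. It assumes 16-byte blocks, a trailer laid out as Key A (6 bytes), access bytes (4), Key B (6), a 4-byte UID followed by an XOR check byte, and the transport key FFFFFFFFFFFF. All function names and sample values are constructed for illustration.

```python
# Added example: parse a Mifare Classic 1k dump (constructed data, not a real tag).
BLOCK_SIZE = 16          # bytes per block (assumption stated in the lead-in)
BLOCKS_PER_SECTOR = 4    # 3 data blocks + 1 sector trailer
SECTORS = 16             # Mifare Classic 1k
FACTORY_KEY = bytes.fromhex("FFFFFFFFFFFF")  # well-known transport key

def decode_access_bits(acc):
    """Return (C1, C2, C3) for blocks 0..3, or None if the inverted copies disagree."""
    c1, c2, c3 = acc[1] >> 4, acc[2] & 0x0F, acc[2] >> 4
    n1, n2, n3 = acc[0] & 0x0F, acc[0] >> 4, acc[1] & 0x0F
    if (c1 ^ n1, c2 ^ n2, c3 ^ n3) != (0x0F, 0x0F, 0x0F):
        return None  # each nibble must be the bitwise inverse of its copy
    return [((c1 >> b) & 1, (c2 >> b) & 1, (c3 >> b) & 1) for b in range(4)]

def parse_dump(dump):
    if len(dump) != SECTORS * BLOCKS_PER_SECTOR * BLOCK_SIZE:
        raise ValueError("expected a 1024-byte Mifare Classic 1k dump")
    blocks = [dump[i:i + BLOCK_SIZE] for i in range(0, len(dump), BLOCK_SIZE)]
    uid, bcc = blocks[0][:4], blocks[0][4]      # assumes a 4-byte UID tag
    sectors = []
    for s in range(SECTORS):
        trailer = blocks[s * BLOCKS_PER_SECTOR + 3]   # last block of the sector
        key_a, acc, key_b = trailer[:6], trailer[6:9], trailer[10:16]
        sectors.append({
            "sector": s,
            "key_a": key_a.hex(),
            "key_b": key_b.hex(),
            "access": decode_access_bits(acc),
            "factory_key": FACTORY_KEY in (key_a, key_b),
        })
    return {
        "uid": uid.hex(),
        "bcc_ok": bcc == uid[0] ^ uid[1] ^ uid[2] ^ uid[3],
        "manufacturer_data": blocks[0][5:].hex(),
        "sectors": sectors,
    }

def build_sample_dump():
    """Constructed dump: made-up UID, factory trailers, custom keys in sector 1."""
    uid = bytes.fromhex("DEADBEEF")
    block0 = uid + bytes([uid[0] ^ uid[1] ^ uid[2] ^ uid[3]]) + bytes(11)
    acc = bytes.fromhex("FF078069")              # transport access bytes
    factory = FACTORY_KEY + acc + FACTORY_KEY
    custom = bytes.fromhex("112233445566") + acc + bytes.fromhex("AABBCCDDEEFF")
    dump = bytearray()
    for s in range(SECTORS):
        dump += (block0 if s == 0 else bytes(16)) + bytes(32) + (custom if s == 1 else factory)
    return bytes(dump)
```

Any sector reported with `factory_key` set is protected only by a publicly known key, so its access conditions give no real protection.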